oss-sec mailing list archives

Re: Re: CVE Request - roundcubemail


From: Florian Weimer <fw () deneb enyo de>
Date: Sat, 13 Dec 2008 13:54:03 +0100

* Raphael Geissert:

> I became aware of some sort of code execution vulnerability one day
> before that ticket was reported. After reviewing the file I
> determined that it isn't a vulnerability in roundcube, but in PHP
> itself; but I'm open to be proved wrong.

I think this is a documented feature of preg_replace with the "e"
flag, comparable to what happens when you use string concatenation to
create SQL statements.
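
The comparison made in the reply above, as an added example that is not part of the original post and is not roundcube's code: each "before" form (shown in comments) pastes input into text that an interpreter then evaluates, and each "after" form passes the input as a value. The function names, the pattern, the table and the sample inputs are constructed for illustration; the `e` modifier was deprecated in PHP 5.5.0 and removed in PHP 7.0.0, so the script assumes PHP 7 or later with the pdo_sqlite extension.

```php
<?php
// Added illustration. All names and sample data below are constructed.

// Before (PHP < 7.0 only):
//   preg_replace('/<b>(.*?)<\/b>/e', 'strtoupper("\\1")', $html);
// With the "e" modifier the replacement string is PHP source code: the
// matched text is substituted into it and the result is evaluated. The
// caller is building code from input, which is the documented behaviour.

// After: the match reaches the callback as an ordinary string value and
// is never parsed as PHP.
function bold_to_upper(string $html): string
{
    $out = preg_replace_callback(
        '/<b>(.*?)<\/b>/s',
        static function (array $m): string {
            return strtoupper($m[1]);
        },
        $html
    );
    return $out ?? $html; // preg_replace_callback returns null on a PCRE error
}

// The SQL side of the comparison.
// Before:
//   $db->query("SELECT id, name FROM users WHERE name = '" . $name . "'");
// The input becomes part of the statement text.
// After: the statement text is fixed and the input is bound as a parameter.
function find_user(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input containing characters that are syntax in a PHP
// double-quoted string; the callback form only upper-cases them.
echo bold_to_upper('total: <b>$price and "quotes"</b>'), "\n";

// Constructed in-memory database with a single row.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice')");

// A name containing a quote is compared as data, not parsed as SQL.
var_dump(count(find_user($db, "alice' --")));
var_dump(count(find_user($db, 'alice')));
```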

